MANILA, Philippines — The National Privacy Commission (NPC) has summoned the data privacy officers of telecom companies to a meeting today to find ways to end a growing text scam victimizing Filipino consumers.
Complaints mounted in the past few days about the thousands of text messages from random numbers offering nonexistent jobs to unsuspecting victims. Referred to as smishing, it is classified as a cybersecurity attack carried out over mobile text messaging wherein victims are deceived into giving personal data that the perpetrators use to commit fraud, which usually is to steal money.
In today’s meeting called by the NPC, which will also include data privacy officers of e-commerce sites such as Lazada and Shopee as well as banks, “we want to understand from the telcos how come these texts are being sent through their infrastructure and what are the steps that they’re taking to curb this,” NPC Chair Raymund Liboro said.
The NPC will also urge the telcos to adopt a US-style system of caller identity verification to protect consumers.
“In the US, they have this call attestation, meaning it’s like a caller ID. So far this only applies to voice calls, but I think they’re still coming up with the version for SMS,” Liboro said.
This is seen as a vetting system for postpaid mobile phone users so that legitimate telemarketers could still operate.
“So if there’s a prepaid (line) offering get-rich quick schemes, you know it’s a scam. And if you’re a legitimate business, why won’t you go for a call that can be attested?” Liboro said.
Based on a briefer by the US Federal Communications Commission (FCC), “caller ID authentication technology enables subscribers to trust that callers are who they say they are, reducing the effectiveness of fraudulently spoofed calls.”
The NPC said the smishing activities pestering Metro Manila was probably run by a “global crime syndicate, not by a group that has gained unauthorized access to contact-tracing forms.”
“We discovered that this is an elaborate scam this is not unique to the Philippines,” Liboro said, citing similar occurrences in India, Malaysia, Singapore, and Taiwan.
“If our initial findings prove true, that personal data is being exploited by criminals abroad, then this becomes a matter of national security, which should compel the government, the private sector, and advocate groups to work hand in hand and take more urgent and concrete action to safeguard,” Liboro said.
Liboro dismissed earlier suspicions that the personal data and contact details in the hands of scammers and spammers were from the health forms submitted as part of contact-tracing requirements during the pandemic.
“Even my two kids who don’t go out and did not fill up any health declaration form received these texts,” he said.
Legislation
Two senators on Tuesday also called on the NPC to craft plans to combat the text scam.
Sen. Joel Villanueva said any measures that the NPC would formulate must address the growing complaints of mobile phone subscribers on unwanted text messages, while Congress tackled the passage of a proposed law requiring mobile service carriers to set up a registry of subscribers who do not want to receive promotional SMS.
“We hope that the NPC will have a clear-cut action plan after the meeting (today),” he said.
He, however, clarified that any step to be taken by the NPC would be merely administrative and would need additional government action of legislation and prohibition.
“A permanent solution requires three legs to stand on,” he said, as he alluded to the proposed No Call, No Text, and No E-mail Registration System Act, which seeks to prohibit nonregistered numbers using an automatic dialer or any electronic device that can blast messages to telephone numbers.
“The NPC should urgently find the culprits behind these spam text messages, lest people further lose trust in the government’s contact-tracing efforts,” Sen. Leila de Lima said.
Text blasters
While Congress works on this bill, Villanueva said the government should go after smugglers of banned text blast machines, a portal device that can transmit up to 100,000 texts an hour.
According to Villanueva, the device works by tapping nearby cell towers or functions as portable cell sites that can send out messages in bulk but not receive them.
In October, De Lima filed proposed Senate Resolution No. 934 urging Congress to investigate the reported sale of text blast machines on Facebook, Lazada, and Shopee that were being used for partisan political activities.
In the resolution, De Lima underscored the need to strengthen the Free Mobile Disaster Alerts Act and prevent the use of text blast machines not intended for emergency use.
Safety precautions
PLDT Inc. and its mobile unit Smart Communications Inc. said they have started blocking spam messages on their network.
In a statement on Tuesday, Smart said it was joining the National Telecommunications Commission (NTC), the NPC, and the Department of Trade and Industry to “investigate and stop the proliferation of SMS spam-based scam and fraud.”
PLDT and Smart chief information and security officer Angel Redoble said the company successfully blocked hundreds of mobile numbers and about 40 domains and IP addresses involved in this scam, “which leads us to believe that this is a huge and sophisticated scam by an organized global syndicate.”
PLDT-Smart said another 400 to 500 mobile numbers connected to SMS hoaxes and scams have been blocked daily from Oct. 21 to Nov. 20 this year.
In the meantime, Redoble has urged people “to be very paranoid and to never share sensitive information especially with strangers no matter how enticing the offer may sound.”
“We also encourage our customers to be extremely vigilant and to be on the lookout for these SMS spamming accounts so that we can work with the authorities to prevent these scams and eventually stop these cybercriminals,” PLDT and Smart president and CEO Alfredo Panlilio said in the same statement.
The telco giant urged subscribers to ignore messages from unknown senders and not divulge any personal information.
They may also use their SMS app’s built-in blocking feature.
Mobile users who receive these suspicious and unsolicited SMS may also report the scammers and their numbers to the NTC via https://ntc.gov.ph/complaint.
The NTC, after due process, may then order Smart to cut the cybercriminals’ numbers, the company said.